Removing Printers Connected to Specific Print Server

(imported topic written by SystemAdmin)

I need to remove all printers that connect to a specific print server.

It seems like it is not possible through DOS and I am not familiar enough with VBScript to go that route. I did find that network printers are listed under “HKEY_CURRENT_USER\Printers\Connections” (and therefore under HKEY_USERS as well) with key names of “, , ,”. If you delete those keys the printers no longer show under “Printer and Faxes” and the user can no longer see or use those printers. Now my problem is you can’t delete registry keys from BigFix only values and I can’t use REG DELETE because we have Windows 2000 in our environment. I was then trying to create a reg file to remove the keys but I seem unable to return multiple results from a single relevance line. Any help would be much appreciated.

ACTION SCRIPT:

createfile until theend

Windows Registry Editor Version 5.00

{(if(name of it as string as lowercase contains “”) then ("") else (nothings)) of (keys of key “HKEY_CURRENT_USERS\Printers\Connections” of registry)}

theend

RESULTING FILE:

Windows Registry Editor Version 5.00

RESULTS FROM RELEVANCE DEBUGGER

q: (if(name of it as string as lowercase contains “”) then ("") else (nothings)) of (keys of key “HKEY_CURRENT_USERSPrinters\Connections” of registry)

A:

-HKEY_CURRENT_USERS\Printers\Connections,,<Printer Name 1>

A:

-HKEY_CURRENT_USERS\Printers\Connections,,<Printer Name 2>

T: 0.188 ms

I: plural string

(imported comment written by jessewk)

See this post: http://forum.bigfix.com/viewtopic.php?pid=1843

Let us know if you need more guidance.

(imported comment written by SystemAdmin)

My Relevance in Relevance Debugger seems to return the results I want but my output file doesn’t mirror the Debugger results.

ACTION SCRIPT

delete __appendfile

appendfile {“Windows Registry Editor Version 5.00%0d%0a%0d%0a” & concatenation “%0d%0aSTART” of (if (name of it as string as lowercase contains “”) then ("%0d%0a") else (nothings)) of (keys of key “Printers\Connections” of key “HKEY_CURRENT_USERS” of registry) & “%0d%0aEND”}

move __appendfile temp.reg

CONTENTS OF temp.reg

Windows Registry Editor Version 5.00

END

RELEVANCE DEBUGGER

q: “Windows Registry Editor Version 5.00%0d%0a%0d%0a” & concatenation “%0d%0aSTART” of (if (name of it as string as lowercase contains “”) then ("%0d%0a") else (nothings)) of (keys of key “Printers\Connections” of key “HKEY_CURRENT_USERS” of registry) & “%0d%0aEND”

A: Windows Registry Editor Version 5.00%0d%0a%0d%0a

-HKEY_CURRENT_USERS\Printers\Connections,,

%0d%0a%0d%0aSTART

-HKEY_CURRENT_USERS\Printers\Connections,,

%0d%0a%0d%0aSTART

-HKEY_CURRENT_USERS\Printers\Connections,,

%0d%0a%0d%0aEND

T: 0.266 ms

I: singular string

(imported comment written by jessewk)

That’s because the client runs in system context and the relevance debugger runs in your user context. So when you query HKCU, you will get different answers.

The workaround is here: http://forum.bigfix.com/viewtopic.php?id=11

You’ll just need to substitute the relevance from the above post into your relevance wherever you are referencing the HKCU branch.

(imported comment written by SystemAdmin)

I should have caught that, thank you. I fear I now have another problem I should be catching but for whatever reason eludes me. The correct reg file is now created and when I double click it, it removes the correct registry keys. I can not, however, get BF to execute the reg file using action script in the Fixlet. I’ve tried “wait regedit.exe -s temp.reg”, “wait regedit.exe /s temp.reg”, “run regedit.exe /s temp.reg”, “wait regedit.exe /s \temp.reg”, I’ve copied the temp.reg file to C:\ then tried “wait regedit /s C:\temp.reg” all to no avail. When I use “wait regedit temp.reg” regedit launches and asks if I want to continue. When I click Yes the box comes up that says that it has been successfully entered into the registry but the keys still are not removed. In all the cases when I double click “temp.reg” the keys are removed without a problem. When I try the commands from a DOS prompt they also work.

Completed: // enter your action script here

Completed: delete __appendfile

Completed: delete temp.reg

Completed: appendfile {“Windows Registry Editor Version 5.00%0d%0a%0d%0a” & concatenation “%0d%0a” of (if (name of it as string as lowercase contains “”) then ("%0d%0a") else (nothings)) of (keys of key “Printers\Connections” of ((key whose ((it = name of current user as lowercase OR it starts with name of current user as lowercase & “@” ) of (it as string as lowercase) of value “Logon User Name” of key “Software\Microsoft\Windows\CurrentVersion\Explorer” of it) of key “HKEY_USERS” of registry)))}

Completed: move __appendfile temp.reg

Completed: wait regedit -s temp.reg

Not as important but I would be grateful if you could point me in the right direction: The first forum link posted here shows how to use relevance to edit a single key under different user keys. What I want to do is delete multiple keys under all the users e.g. HKEY_USERS<User SSID>\Printers\Connections<All keys with a value containing . I should probably just learn VBScript.

Displaying a single key under all the users:

q: (("") of keys of key “HKEY_USERS” of registry)

A:

http://-HKEY_USERS.DEFAULT\Printers\Connections

A:

-HKEY_USERS\S-1-5-19\Printers\Connections

A:

-HKEY_USERS\S-1-5-19_Classes\Printers\Connections

A:

-HKEY_USERS\S-1-5-20\Printers\Connections

A:

-HKEY_USERS\S-1-5-20_Classes\Printers\Connections

A:

-HKEY_USERS<User SSID>\Printers\Connections

A:

-HKEY_USERS<User SSID>_Classes\Printers\Connections

A:

-HKEY_USERS\S-1-5-18\Printers\Connections

T: 0.258 ms

I: plural string

Displaying all the network printer keys for all the users (But not the full path to the key)

q: (names of (keys of keys “Printers\Connections” of keys of key “HKEY_USERS” of registry))

A: ,,

A: ,,

A: ,,

A: ,,

A: ,,

A: ,,

T: 0.562 ms

I: plural string

My Attempt at combining the above two

q: (("" & (names of (keys of keys “Printers\Connections” of keys of key “HKEY_USERS” of registry))) of keys of key “HKEY_USERS” of registry)

E: A singular expression is required.

(imported comment written by SystemAdmin)

Alas, I made the same mistake yet again. This time instead of trying to locate keys from Current_User to delete I was attempting to actually delete them from Current_User instead of User\SSID. A correct reg file would therefore be generated just not one the system account would be able to apply. Thank you for your help Jessewk.